Boot Live Graphene OS To Ram Forensics Protection

Kibi

Installing GrapheneOS as a live OS to RAM would provide the ultimate level of forensics protection. This isn't for everyone, but having the option to have your phone seized without needing to duress and find yourself in legal or physical trouble for that would be the highest level of security. Something like fastboot boot --ram grapheneos.img during startup. Are there live images of GrapheneOS? If not how difficult would it be to create one as an individual or GrapheneOS themselves?

Think of it like Live Linux USB's but for phones. Graphene already knows how to work with pixels and their unlocked bootloaders for best shot compared to linux distributions who aren't as focused for live support for phones.

DeletedUser237

Kibi That's easier said than done. I get the sentiment but I wouldn't count on such approach. There are better areas to focus on to both improve UX and security.

Stayjuice

Kibi Where I’m from, I found myself in a situation where they demanded I hand over my decryption key—or else. I explained that I have PTSD and couldn’t remember the password. That stopped them in their tracks. Mental health issues, like PTSD, depression, and anxiety, can mess with your memory—things like forgetting passwords. It’s not something they can easily disprove, and it makes it harder for them to push consequences.

The way I handle my devices, there’s never any data left to recover. I’m always wiping browser history, app data, and anything else, using software to securely overwrite it all. No traces, no risks.

DeletedUser237

Stayjuice I’m always wiping browser history, app data, and anything

Have you verified this yourself? Just curious, how if you did.

X000X

Stayjuice what. Method do you use ro overwrite?

Stayjuice

DeletedUser237 yes I have you can test it with a pc and data recovery software there is specific ones for android. I know it works because I had my device forensically examined and no data was recovered and that was before there was graphene os many years ago. I use ishredder and overwritten the data 3 times with dod wipe algorithm and that’s why I trust the developers and said app I wouldn’t just blindly trust software or apps I actually test them with data recovery. Overwriting deleted or deleted data in my opinion is the only way to be sure it’s gone.

Browsers I mainly set to forget history all together and just book mark pages I’m researching. I was
Targeted by law enforcement for free speech and most of my systems now and set to remember very little even my pc remember very little but it took me years to perfect the methods for pc

DeletedUser237

Stayjuice I know it works because I had my device forensically examined

To follow up on this, was this a professional forensic examiner with access to stuff like cellebrite or whatever is the new hot on android (not dealing with phones so I don't have up to date knowledge) or was it some 'hobbyist' trying to use free tools?

grayway2

Stayjuice ishredder is a very good tool to overwrite deleted data in free space if using an old android device without FBE or FDE enabled. One pass of "0" is sufficient not need to overwrite data 3 times.

Totally useless after android 10 and a factory reset.

troika

Stayjuice

Stayjuice I don't trust ishredder because I am a Chinese user and cannot use this software normally. I can only use it under VPN. After I told the software author about this situation, he actually blocked this vulnerability, which means we Chinese users are not allowed to use it. I am currently using shreddit

Stayjuice

DeletedUser237 it was a professional working for the police.

area51

grayway2 Totally useless after android 10 and a factory reset.

That would depend upon what you have to hide, the repercussions of being found with it and who was doing the pursuing. I would suggest that in the case of digital shredding "less is more" could get you in hot water...

Stayjuice

grayway2 how so? I mean how it useless after android 10

Stayjuice

troika you could just sideload the apk?

troika

Stayjuice Yes, I downloaded the APK through apkpure.com

grayway2

Stayjuice because encryption after Android 10 is mandatory. If the device is certified by Google, then encryption is "on" out of box.

Once you factory reset your phone, all data is gone because encryption keys are also gone.

angela

Another option could be to allow "live" profiles. On a "live" profile, Apps could be loaded for the profile, but each time the profile closed it would wipe any saved data and start again.

For users with this threat model, the 1st profile could just be to configure settings and the "live" profile would always forget since it's an amnesiac profile.

This could have many use cases, but it would also be important to remember that App and Browser fingerprinting may create some risk of some amount of cloud-based "history" even with a live profile.

Any needed connection settings would need to be imported each time, but could also be stored encrypted in the Owner profile.

GOS developers are working constantly on updates so they may have already considered this idea or experimented with it.

de0u

angela Another option could be to allow "live" profiles. On a "live" profile, Apps could be loaded for the profile, but each time the profile closed it would wipe any saved data and start again.

There is already the option of launching a "guest" profile, which I think is cleared when it shuts down. But I don't know how it works or what exactly is cleared when.

Stayjuice

X000X dod standard which is 3 overwrites I believe, I use ishredder